Multiple Denial of Service Vulnerabilities in Xen

Release date:
Updated on:

Affected Systems:
XenSource Xen 4.x
XenSource Xen 3.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-4535, CVE-2012-4536, CVE-2012-4537, CVE-2012-4538, CVE-2012-4539

Xen is an open-source Virtual Machine monitor developed by the University of Cambridge.

Xen has multiple security vulnerabilities that can be exploited by malicious local users on virtual machines to cause DOS.

1) Errors During VCPU end date processing can be exploited to trigger infinite loops and crashes.

2) when processing the pirq value, the "domain_pirq_to_emuirq ()" function has an out-of-bounds read error and can be exploited to cause a crash.

3) When an error occurs when the "set_p2m_entry ()" Call fails, the p2m table memory can be exhausted, triggering an exception and causing a crash.

4) An error occurred while processing the "HVMOP_pagetable_dying ()" supercall can be exploited to cause a crash.

5) errors in the "GNTTABOP_get_status_frames ()" function can be exploited to trigger infinite loops and crashes.

<* Source: vendor

Link: http://secunia.com/advisories/51200/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

XenSource
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
Http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
Http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
Http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
Http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html